From BStegmaier
Block most ports
- Accept only connections
  - to localhost
  - initiated by the box itself (replies to its own outgoing connections)
  - to port 22, filtered through fail2ban
# loopback; "-i lo" instead of "-s 127.0.0.1" would also cover the rest of 127.0.0.0/8 and not rely on the packet's source address
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# the fail2ban-ssh chain must already exist (fail2ban creates it); it RETURNs packets that are not banned, so an explicit ACCEPT is still needed
iptables -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# set the default policy last, once the ACCEPT rules are in place
iptables -P INPUT DROP
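An added example, not from the original page: a small POSIX sh script that emits the rule set above in the order it must be applied (loopback via -i lo, the ACCEPT that fail2ban's RETURN falls through to, and the DROP policy last), checks that the fail2ban-ssh chain exists before applying, and otherwise only prints the rules for review. The function names, the APPLY switch and the SSH port argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: generates the "block most ports"
# rule set as a reviewable list before applying it. Assumptions: the
# fail2ban-ssh chain already exists (fail2ban creates it), SSH is the only
# service to expose, and the script runs as root when APPLY=1.

# Emit the rules in the order they must be applied: loopback first, then
# replies to the box's own connections, then the fail2ban jump followed by the
# ACCEPT that packets fall through to when fail2ban RETURNs them, and the DROP
# policy last so a remote session is never cut off before the ACCEPTs exist.
build_rules() {
    ssh_port=${1:-22}
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport $ssh_port -j fail2ban-ssh
iptables -A INPUT -p tcp --dport $ssh_port -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Line number of the DROP policy in the generated list; it has to be the last
# line, i.e. equal to rule_count.
drop_policy_line() {
    build_rules "$1" | grep -n -- '-P INPUT DROP' | cut -d: -f1
}

rule_count() {
    build_rules "$1" | wc -l | tr -d ' '
}

# iptables refuses a jump to a chain that does not exist, so check first.
fail2ban_chain_present() {
    iptables -n -L fail2ban-ssh >/dev/null 2>&1
}

apply_rules() {
    fail2ban_chain_present || { echo "fail2ban-ssh chain missing: start fail2ban first" >&2; return 1; }
    # "exit 1" only leaves the pipeline's subshell; its status becomes the return value
    build_rules "$1" | while IFS= read -r cmd; do $cmd || exit 1; done
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$1"
else
    build_rules "$1"   # dry run: print the rules for review
fi
```

Run it without APPLY to inspect the exact commands; run it as root with APPLY=1 (optionally with a non-default port as the first argument) to load them.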
NAT with masquerading
- Precondition: IP forwarding between interfaces must be enabled (this setting is lost on reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf to persist it)
echo "1" > /proc/sys/net/ipv4/ip_forward
- Set up masquerading on the public interface eth0 (if the FORWARD chain's policy is DROP, matching FORWARD rules are needed as well)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Misc
- Block a given IP address (-I inserts the rule at the top of INPUT, so it takes effect before any ACCEPT rule; the address below is an example)
iptables -I INPUT -s 123.123.123.123 -j DROP